Hit the Ground Running: Automating Metasploit

Posted on February 11, 2014

There are a number of commands I tend to run on every Metasploit session I get on a target. Using resource files, these commands can be automated to dump as much information as possible, as quickly as possible. This can be combined with an MSFConsole autostart script that starts handlers automatically and pre-fills the options of post modules that don't need to be run on every session.

First, we create a new file holding the commands that the autorun script will execute on each new session:
nano /infogather

Each command is run in sequence, and the final command backgrounds the session. Any command that can be run from a meterpreter shell can be used, with options added (for example, screenshot with the -v false option). Running the above commands saves screenshots to the default directory as /root/*RANDOMNAME*.jpeg and saves the output of the other gather post modules to the /root/.msf4/loot directory.

It should be noted that running a large number of commands can cause sessions to drop. If you find that is the case, try removing some of the commands whose output you don't need on every session. Alternatively, the file can be run on demand as a resource file by calling it with:

resource /infogather

Now we’re all set to catch some shells. Let’s make that easier by having a handler autostart, get logging all set up, and get the post/windows/manage/multi_meterpreter_inject module ready to spread our session to some other machines for posterity.

Let’s create the /root/.msf4/msfconsole.rc file that MSFConsole will automatically run with

Similar to the autorun resource file, any command normally entered at the msf prompt can be used, enabling you to set up any post module you want. Don't forget to replace the Xs above with the proper IP data. If you're using multi_meterpreter_inject, you can add multiple addresses in a semicolon-separated list to spread the meterpreter session to numerous boxes for penetration.
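Two of the mistakes this post warns about, leaving the placeholder Xs in a `set` line and stacking so many commands into an autorun file that the session drops, are easy to catch before a resource file is ever loaded. The following pre-flight checker is an added example written for this page, not code from the original post or from the Metasploit project. It reads a resource file the way msfconsole does (one console command per line, `#` comments and blank lines ignored, `<ruby>`...`</ruby>` blocks evaluated as Ruby rather than as commands) and reports unfilled values and oversized command lists. The placeholder pattern, the command threshold, and the sample `.rc` text are this example's own assumptions.

```python
"""Pre-flight checker for msfconsole resource (.rc) files.

Added example, not part of the original post. Parsing rules (comments,
blank lines, <ruby> blocks) follow the msfconsole resource-file format;
the placeholder pattern and MAX_COMMANDS threshold are assumptions.
"""
import re

# Assumption: a run of three or more upper-case X marks a value that was
# never filled in (e.g. "XXX.XXX.XXX.XXX" for LHOST or an RHOSTS list).
PLACEHOLDER = re.compile(r"X{3,}")

# Assumption: tune to what your sessions tolerate; the post notes that a
# large number of autorun commands can make a session drop.
MAX_COMMANDS = 8

# Constructed sample msfconsole.rc for the checker; not from the original post.
SAMPLE_RC = """\
# start console logging, then bring up a handler in the background
spool /root/.msf4/logs/console.log
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST XXX.XXX.XXX.XXX
set LPORT 443
exploit -j -z
<ruby>
# Ruby evaluated by msfconsole, not a console command
print_status("handler started")
</ruby>
"""


def parse_resource(text):
    """Return the console commands in a resource file, dropping comments,
    blank lines and the bodies of <ruby>...</ruby> blocks."""
    commands = []
    in_ruby = False
    for raw in text.splitlines():
        line = raw.strip()
        if in_ruby:
            if line == "</ruby>":
                in_ruby = False
            continue
        if line == "<ruby>":
            in_ruby = True
            continue
        if not line or line.startswith("#"):
            continue
        commands.append(line)
    return commands


def check_resource(text, max_commands=MAX_COMMANDS):
    """Return a list of (command, problem) findings for a resource file.

    An empty list means the file passed both checks: every set/setg line
    carries a real value, and the command count is within max_commands."""
    findings = []
    commands = parse_resource(text)
    for cmd in commands:
        parts = cmd.split()
        if parts[0] in ("set", "setg"):
            if len(parts) < 3:
                findings.append((cmd, "option set without a value"))
            elif PLACEHOLDER.search(" ".join(parts[2:])):
                findings.append((cmd, "placeholder value left in %s" % parts[1]))
    if len(commands) > max_commands:
        findings.append(("", "%d commands; more than %d may drop sessions"
                         % (len(commands), max_commands)))
    return findings


if __name__ == "__main__":
    for cmd, problem in check_resource(SAMPLE_RC):
        print("%-40s %s" % (cmd or "(whole file)", problem))
```

Run it against the file you are about to hand to `resource` or drop into /root/.msf4/msfconsole.rc; on the constructed sample it reports only the unfilled LHOST line. The `<ruby>` handling matters because anything inside such a block is Ruby, so a literal `XXX` there is not a forgotten console option.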

Finally, we'll create a resource file to kill and restart a listener, good for when you're on a social engineering call and the shell just isn't quite coming in.